Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
T
TLMSP curl
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
CYBER - Cyber Security
TS 103 523 MSP
TLMSP
TLMSP curl
Commits
964066c0
Commit
964066c0
authored
20 years ago
by
Daniel Stenberg
Browse files
Options
Downloads
Patches
Plain Diff
Added missing info for the command line tool, as noted by Mike Kienenberger
parent
a913e936
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
docs/SSLCERTS
+15
-3
15 additions, 3 deletions
docs/SSLCERTS
with
15 additions
and
3 deletions
docs/SSLCERTS
+
15
−
3
View file @
964066c0
...
...
@@ -20,13 +20,13 @@ server, do one of the following:
1. Tell libcurl to *not* verify the peer. With libcurl you disable with with
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
With the curl command tool, you disable this with -k/--insecure.
With the curl command
line
tool, you disable this with -k/--insecure.
2. Get a CA certificate that can verify the remote server and use the proper
option to point out this CA cert for verification when connecting. For
libcurl hackers: curl_easy_setopt(curl, CURLOPT_CAPATH, capath);
With the curl command tool: --cacert [file]
With the curl command
line
tool: --cacert [file]
3. Add the CA cert for your server to the existing default CA cert bundle.
The default path of the CA bundle installed with the curl package is:
...
...
@@ -34,6 +34,19 @@ server, do one of the following:
configure with the --with-ca-bundle option pointing out the path of your
choice.
If you're using the curl command line tool, you can specify your own CA
cert path by setting the environment variable CURL_CA_BUNDLE to the path
of your choice.
If you're using the curl command line toll on Windows, curl will search
for a CA cert file named "curl-ca-bundle.crt" in these directories and in
this order:
1. application's directory
2. current working directory
3. Windows System directory (e.g. C:\windows\system32)
4. Windows Directory (e.g. C:\windows)
5. all directories along %PATH%
Neglecting to use one of the above menthods when dealing with a server using a
certficate that isn't signed by one of the certficates in the installed CA
cert bundle, will cause SSL to report an error ("certificate verify failed")
...
...
@@ -45,4 +58,3 @@ trouble for some users, since it adds security to a majority of the SSL
connections that previously weren't really secure. It turned out many people
were using previous versions of curl/libcurl without realizing the need for
the CA cert options to get truly secure SSL connections.
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
